Data Protection

CISV takes the privacy of our participants and volunteers seriously and we strive to ensure good Data Protection practices in all parts of our organization.

CISV International makes continual efforts to respect your privacy and to be clear with you about the type of data we will need from you, how we will use it, and for what reasons. We know how important your privacy is to you and we work with our volunteers, staff, and host families around the world to keep your information as safe and confidential as possible.

We have developed several resources to assist our National Associations, Chapters, and Volunteers in ensuring good Data Protection everywhere.

First among these is our “Data Protection Miniguide” – this document summarises and explains CISVs approach to Data Protection. This approach is based on the General Data Protection Regulation from the European Union.

Second, we have developed a document, that details how we gather, use, store, destroy, and archive the data we collect in the forms related to our international programmes. The document “Data Protection and CISV Forms” is particularly useful to the staff, leaders, and local contact persons for our programmes.

For those involved with the technical side of Data Protection, we have included a few relevant questions and answers below.

Data Protection FAQs

What is authentication?

Authentication is when an individual (a real person) accesses a certain electronic service (IT system) and before doing so is asked a username and a password to prove their identity.

What is authorisation?

Authorisation is the mechanism of assigning permissions for certain actions within an electronic service (IT system) to an individual who has authenticated before. An example for authorisation is the permit to read or write a certain file or folder in a file sharing system (like e.g. ”collaboration.cisv.org”)

What is the best web platform with encryption that can be recommended to collect information?

CISV International uses Microsoft Office 365 to manage their data and apply necessary security measures to shared files. Microsoft has been certified under EU data protection regulations for some years already. When the EU announced termination of the Safe Harbour agreement between the US and EU and replaced it with the Privacy Shield Framework, Microsoft was among the first businesses to certify themselves. Also Google and GSuite is certified under the Privacy Shield Framework. Hence, also GSuite is a suitable solution to collect files and data and work on them collaboratively. This, of course, only applies when individuals accessing this data are forced to authenticate before doing so (i.e.: do not use anonymous links with (sensitive) personal data).

What is TLS?

TLS – or transport layer security – is a protocol for data and/or files that travels between your computer and an internet server. It was formerly called ”SSL” (secure socket layer). Both terms refer to the fact that the data travelling between computers in the internet is encrypted. You can identify a website’s use of this protocol – hence: a website using encryption – by looking at the little ”S” before the colon in your browser’s address line (e.g. https://collaboration.cisv.org). This not only applies to CISV websites but to everything you do in the internet. If data travelling from your computer to the webserver is being encrypted, hackers who manage to catch your data are not easily able to actually read and use it.

Whom are we protecting data from when we emphasise the use of the TLS protocol (i.e. httpS://xxx.yyy.zzz websites) for forms?

In general, when we use data transfer methods that encrypt data upon transit (when travelling between computers or mobile devices), we protect them from being read and used when a non-authorised person (a ”hacker”) catches the data.

What if I would like to get involved in IT projects in CISV International to help with this work?

Several projects are run under the CISV International IT umbrella at this moment (e.g. eMail Migration (finalised), SharePoint/Collaboration migration, consolidation of servers, One-Identity, …). All of these projects are run with GDPR in mind to ensure CISV’s IT compliancy with the regulation. If you feel, you can add value to these projects, please do let us know via eMail to Thom Kunz.